npm · Malicious package advisory
Malwareasavie-ui
MAL-2026-4268
Malicious code in asavie-ui (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (bf12a913426dee622d500474fe3629c5bb3246e1793e3f210916885c6d0481a9) callback.js collects host identity information (os.hostname(), os.userInfo()) and transmits it via https.get() to an external endpoint at install/load time. The combination of OS-level identity collection followed by outbound HTTPS in a callback script is consistent with installer reconnaissance/beaconing. The package name and structure (a 99.x.x version of a generic UI-named package) further suggests a non-legitimate publication. No corresponding legitimate functionality (no UI code, no documented purpose) accompanies the data-collection routine. ## Source: ossf-package-analysis (b0478f8efd496e7baa22fc9623c2a786f95453a6ad1f0230d8d4eeca0b12f17f) The OpenSSF Package Analysis project identified 'asavie-ui' @ 99.0.2 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (1)
- 99.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.